C_nate
Rookie
Didn't see this on the front news page anywhere so I'm not sure if this is considered newsworthy enough but here are the details for anyone interested.
About 6 to 7 days ago, a German or Dutch player wrote an e-mail to Turbine explaining a security hole in their forums (a flaw that had been in place for up to five months) that allowed access to the information of lotro players. This is compounded by the fact that slightly before the game went free to play, they went from separate logins for the game and forums to a unified login. So forums login = game login meaning everyone has had the game PW compromised.
After not hearing any response from Turbine, the player posted screen shots of him accessing Turbines data base and claims to have had access of up to 1 million accounts.
The next day Turbine shut down their entire forums and community portals. It took them three days after being informed about the security flaw to "recommend" to players to change their passwords. Finally, one week later they are finally sending out e-mails to their players strongly suggesting a password change.
Even worse, either because they do not know yet or are in damage control spin mode, they have yet to make any kind of announcement whatsoever if credit card information was also compromised. (Guess they are following the Sony playbook or something.)
Anyway, there is my interesting news tidbit for the day.
About 6 to 7 days ago, a German or Dutch player wrote an e-mail to Turbine explaining a security hole in their forums (a flaw that had been in place for up to five months) that allowed access to the information of lotro players. This is compounded by the fact that slightly before the game went free to play, they went from separate logins for the game and forums to a unified login. So forums login = game login meaning everyone has had the game PW compromised.
After not hearing any response from Turbine, the player posted screen shots of him accessing Turbines data base and claims to have had access of up to 1 million accounts.
The next day Turbine shut down their entire forums and community portals. It took them three days after being informed about the security flaw to "recommend" to players to change their passwords. Finally, one week later they are finally sending out e-mails to their players strongly suggesting a password change.
Even worse, either because they do not know yet or are in damage control spin mode, they have yet to make any kind of announcement whatsoever if credit card information was also compromised. (Guess they are following the Sony playbook or something.)
Anyway, there is my interesting news tidbit for the day.
